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This is in response to the appeal brief filed 06/08/10 appealing from the Office action 
mailed 11/09/09. 

(1) Real Party in Interest 

The examiner has no comment on the statement, or lack of statement, identifying 
by name the real party in interest in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The following is a list of claims that are rejected and pending in the application: 
Claims 1-6,9,11 and 1 3-1 8 are pending. 

(4) Status of Amendments After Final 

The examiner has no comment on the appellant's statement of the status of 
amendments after final rejection contained in the brief. 

(5) Summary of Claimed Subject Matter 

The examiner has no comment on the summary of claimed subject matter 
contained in the brief. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The examiner has no comment on the appellant's statement of the grounds of 
rejection to be reviewed on appeal. Every ground of rejection set forth in the Office 
action from which the appeal is taken (as modified by any advisory actions) is being 
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maintained by the examiner except for the grounds of rejection (if any) listed under the 
subheading "WITHDRAWN REJECTIONS." New grounds of rejection (if any) are 
provided under the subheading "NEW GROUNDS OF REJECTION." 

(7) Claims Appendix 

The examiner has no comment on the copy of the appealed claims contained in 
the Appendix to the appellant's brief. 

(8) Evidence Relied Upon 

5,274,817 Stahl 12-1993 

5,274,817 Stahl 12-1993 

2004/0158729 Szor 08-2004 

5,956,479 Mclnerney et al. 09-1999 

2003/0188174 Zisowski 10-2003 

2002/0166067 Pritchard et al. 11-2002 

Choi et al. "A New Stack Buffer Overflow Hacking Defense Technique with 
Memory Address Confirmation", ICICS 2001, pages 146-159. 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC § 103 



1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 



obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-2, 5-6, 9, 11, 13-15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Stahl US 5,274,81 7 in view of Szor US 2004/01 58729 and in view of 
Choi et al. "A New Stack Buffer Overflow Hacking Defense Technique with Memory 
Address Confirmation", ICICS 2001 , pages 146-159 (hereinafter Choi). 
As per claim 1 : 

Stahl teaches a method of making the execution of a computer program secure 
(co/. 1, line 36; ensuring that the integrity of the stack during program execution), the 
method comprising: 

a processor performing: (col. 1, lines 55-67; col. 4, lines 52-55) 

a step of stacking a predetermined value in an instruction stack of the program; 
(co/. 1, lines 55-67; col. 4, lines 52-55; storing signature word in the stack) and 

a step of unstacking said stack, wherein if said predetermined value is 
unstacked, the anomaly processing function is executed, (col. 1, lines 62-67; col. 4, 
lines 57-64; col. 5, lines 8-1 7; if the signature word stored on the stack matches the 
entry address of the subroutine which was just execute. ..if the compared values do not 
match, it is assumed that an error has occurred and control is passed to the block 
where a software interrupt is executed) 

Stahl does not explicitly disclose said predetermined value being an address of 
an anomaly processing function, during the normal execution of the program, a step of 
removing said predetermined value from the instruction stack without executing the 
anomaly processing function. Szor in analogous art, however, discloses predetermined 



Application/Control Number: 10/563,554 Page 6 

Art Unit: 2437 

value being an address of an anomaly processing function, (figure 2, [0033]-[0040], 
[0050]-[0056],[0058]-[0061] Therefore it would have been obvious to one ordinary skill in 
the art at the time the invention was made to modify the method disclosed by Stahl with 
Szor in order to prevent unauthorized access by malicious hackers or replicating 
malware. ([0040]; Szor) 

Both references do not explicitly disclose during the normal execution of the 
program, a step of removing said predetermined value from the instruction stack without 
executing the anomaly processing function. Choi in analogous art, however, discloses 
during the normal execution of the program, a step of removing said predetermined 
value from the instruction stack without executing the anomaly processing function, 
(page 150-151 ; Section 3.1 and Section 3.2) Therefore it would have been obvious to 
one ordinary skill in the art at the time the invention was made to modify the method 
disclosed by Stahl and Szor with Choi in order to allow the function progress normally if 
the predetermined value has not been changed, (page 150, Choi) 

As per claim 2: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses stacking and unstacking steps are respectively 
associated with elements of at least one subset of instructions of said program, (col. 4, 
lines 60-col, 5, lines 37; a branch to the subroutine is executed, the return address is 
stored on the stack ...when the return instruction is encountered, the return address is 
retrieved from the stack) 
As per claim 5: 
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The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses said program is written in a programming 
language including a first instruction whose execution implements said stacking step 
and/or a second instruction whose execution implements said unstacking step. (col. 2, 
line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 37) 
As per claim 6: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses second instruction terminates said program or 
a subroutine of said program, (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 
37) 

As per claim 9: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses wherein said program includes at least one call 
to a subroutine, characterized in that said stacking step is effected before said call and 
said predetermined value is eliminated from said stack during execution of said 
subroutine, (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 37) 

As per claim 1 1 : 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses wherein said programming includes at least 
one call to a subroutine, characterized in that said stacking step is effected during 
execution of said subroutine and said predetermined value is eliminated from said stack 
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after execution of said subroutine, (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, 
lines 37) 

As per claim 13: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses a computer readable information recording 
medium with a computer program recorded thereon, said information recording medium 
totally or partially removable, in particular a CD-ROM, or a magnetic medium, such as a 
hard disk or diskette wherein it includes instructions of the computer program for 
implementing a method according to claim 1 when that program is loaded into and 
executed by an electronic data processing system, (col. 2, line 61-col 4, line 21; col. 4, 
lines 60-col, 5, lines 37) 
As per claim 14: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses a computer readable information recording 
medium with a computer program recorded thereon, said computer program including 
instructions for executing a method according to claim 1 when that program is loaded 
into and executed by an electronic data processing system, (col. 2, line 61-col 4, line 21; 
col. 4, lines 60-col, 5, lines 37) 

As per claim 15: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses electronic entity that has been made secure 
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wherein it includes means for implementing a method according to claim 1 . (col. 2, lines 
15-33) 



1 . Claims 3-4 are rejected under 35 U.S.C. 103(a) as being unpatentable over Stahl 
US 5,274,817 817 in view of Szor US 2004/0158729 and in view of Choi et al. "A New 
Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation", 
ICICS 2001, pages 146-159 (hereinafter Choi) and further in view Mclnerney et al. 
(hereinafter Mclnerney) US 5,956,479. 
As per claim 3: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. None of the references explicitly disclose elements are respectively 
an opening bracket and a closing bracket in a system of brackets. Mclnerney in 
analogous art, however, discloses that elements are respectively an opening bracket 
and a closing bracket in a system of brackets, (col. 15, lines 12-21; set-up instruction 
map for function execution, ... such as opening and closing brace) Therefore it would 
have been obvious to one ordinary skill in the art at the time the invention was made to 
modify the method disclosed by Stahl, Szor and Choi with Mclnerney in order to set-up 
instruction map for a function execution to some predefined source position, such as 
opening and closing brace, (col. 15, lines 15-21; Mclnerney) 

As per claim 4: 

The combination of Stahl, Szor, Choi and Mclnerney teaches all the subject 
matter as discussed above. Stahl further discloses in that said unstacking step is 
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associated with a return instruction of said program or a subroutine of said program, 
(col. 4, lines 60-col, 5, lines 37) 

2. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stahl US 
5,274,81 7 in view of Szor US 2004/01 58729 and in view of Choi et al. "A New Stack 
Buffer Overflow Hacking Defense Technique with Memory Address Confirmation", 
ICICS 2001, pages 146-159 (hereinafter Choi) and further in view of Zisowski US 
2003/0188174. 

As per claim 16: 

The combination of Stahl, Szor, Choi and Mclnerney teaches all the subject 
matter as discussed above. None of the references explicitly disclose the electronic 
entity is a smart card. Zisowski in analogous art, however, discloses that the electronic 
entity is a smart card, (page 2, pp. 17 and 30) Therefore it would have been obvious to 
one ordinary skill in the art at the time the invention was made to modify the method 
disclosed by Stahl, Szor and Choi with Zisowski in order to provide a system for 
detecting a possible malicious program that allows the identification of missing, added 
or modified program modules to a computer program running on microcontrollers, (page 

2, pp. 29-30; Zisowski) 

3. Claims 1 7-1 8 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Stahl US 5,274,81 7 in view of Szor US 2004/01 58729 and in view of Choi et al. "A New 
Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation", 
ICICS 2001, pages 146-159 (hereinafter Choi) and further in view of Pritchard et al. 
(hereinafter Pritchard) US 2002/0166067. 
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As per claims 1 7 and 1 8: 

The combination of Stahl, Szor, Choi and Mclnerney teaches all the subject 
matter as discussed above. None of the references explicitly disclose wherein the 
anomaly processing function is adapted to destroy an operating system of said smart 
card. Pritchard in analogous, art, however, discloses wherein the anomaly processing 
function is adapted to destroy an operating system of said smart card. ([0073], [0087]) 
Therefore it would have been obvious to one ordinary skill in the art at the time the 
invention was made to modify the method disclosed by Stahl, Szor and Choi with 
Pritchard in order to provide automatically remove the anomaly by a clean version of the 
operating system. ([0073]; Pritchard) 

(10) Response to Argument 

Appellant argued that if one is to accept, arguendo, that Choi discloses the 
feature of the claim, then Choi would teach a feature exactly opposite of that posed by 
Stahl. As such the two references teach away from combination. 

Stahl teaches ensuring the integrity of the stack during program execution 
including storing a signature word on the stack, the signature word corresponding to an 
entry address code in memory for the subroutine and comparing the signautre word 
stored on the stack with the subroutine entry address code; passing control to the return 
address if the compared values are equal; and executing a software iterrupt if the 
compared values are not equal, (col. 1, lines 55-67) Stahl explicitly teaches that if the 
compared value are not equal executing a software interrupt. Stahl does not explicitly 
disclose wherein if said predetermined value is unstacked the anomally processing 
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function is executed. Choi teaches protecting systems against stack attacks by inserting 
a canary word to the stack just before, the return address when a function has been 
called, and when the function returns, StackGuard checks the canary word. If the 
canaray word has not been changed, then the function progresses normally. Because 
both Stahl and Choi teach methods for protecting the integrity of stack during program 
execution against malicious modifications, it would have been obvious to one skilled in 
the art to substitute one method for the other to achieve the predictable result of 
protecting a system against stack attacks by preventing modifying the return address 
from the stack area. (KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 
1385 (2007)) As discussed above, the references do not teach away from the 
combination because both Stahl and Choi teach ensuring integrity of stack during 
program execution Stahl by comparing the signature word stored on the satck and Choi 
by inserting and checking a canary word and progressing with normal exeuction if the 
canary work has not been changed. Therefore, the references do not teach away from 
the combination and it would have been obvious to one ordinary skill in the art to 
combine Stahl with Choi. 

(11) Related Proceed ing(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 
/Shewaye Gelagay/ 
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Examiner, Art Unit 2437 

Conferees: 

/Michael Pyzocha/ 

Primary Examiner, Art Unit 2437 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



